Privacy-Aware Authentication in the Internet of Things

  • Hannes Gross
  • Marko Hölbl
  • Daniel Slamanig
  • Raphael Spreitzer
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9476)


Besides the opportunities it offers, the all-embracing Internet of Things (IoT) technology also poses a tremendous threat to the privacy of the carriers of these devices. In this work, we build upon the idea of an RFID-based IoT realized by means of standardized and well-established Internet protocols. In particular, we demonstrate how the Internet Protocol Security protocol suite (IPsec) can be applied in a privacy-aware manner. To this end, we introduce a privacy-aware mutual authentication protocol compatible with the restrictions imposed by the IPsec standard and analyze its privacy and security properties. With this work, we show that privacy in the IoT can be achieved without proprietary protocols and on the basis of existing Internet standards.


Internet of Things, Privacy, Privacy-aware authentication, EPC Gen2 RFID, IPsec, IKEv2



We would like to thank the anonymous reviewers for their valuable comments. This work has been supported by the Austrian Science Fund (FWF) under the grant number TRP251-N23 (Realizing a Secure Internet of Things - ReSIT), the FFG research program SeCoS (project number 836628) and by EU Horizon 2020 through project Prismacloud (GA No. 644962).



Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Hannes Gross (1)
  • Marko Hölbl (2)
  • Daniel Slamanig (1)
  • Raphael Spreitzer (1)

  1. Graz University of Technology, Graz, Austria
  2. University of Maribor, Maribor, Slovenia
